V

W

Z

123

** Provided to assist with the management of online shopping malls, this sample template may require amendments depending on the type of business. Before applying the following content to your shopping mall, check the management details of your mall and use and apply with discretion. **

SMILEDUCKS (herein after referred to as “the Company”) regards the privacy of users as highly important and complies with all regulations concerning the “Act on Protection of Information and Promotion of Utilization of Information and Communications Network.”By stating its privacy policy as shown below, the Company hereby informs users of the purpose and use of personal information provided by the user to the Company, and the measures taken for the protection of their personal information.

1. Personal information collected and the means of collection

A. Information we collect
• The Company collects the following data for the purpose of membership sign-ups, consultations, and service applications.
o When signing up for membership: Name, birthday, gender, ID, password, home phone number, mobile number, e-mail, legal representative information for subscribers under the age of 14.
o When applying for services: Address, payment information
• Information collected through use of online services or the processing process: use record, access log, cookies, connecting IP information, payment record, unruly use, and others.

The Company collects personal information for the following purposes and use.
• Provision of services obligated by fulfillment of contract and the payment that follows
Supply content, purchase and payment, delivery of goods, billing statements and others, user verifications for financial transactions and financial services.
• Member management
Identify user to access members-only services, verify user, prevent unauthorized use, check membership subscription, validate age, confirm consent/agreement from legal representative for users under the age of 14, handle complaints and civil affairs, and deliver notices.
• Marketing and promotional use
Delivery of events and unsolicited advertisements; gain a statistical understanding of the members’ frequency of access to and use of site.

3. Period of possession and utilization of personal information

As a general rule, once the personal data has fulfilled the purposes for which they were collected, they are to be immediately discarded. Except for the following that will be retained for certain periods for reasons noted below.

A. Information held according to the Company’s internal policies
Even when a member has canceled his/her membership, the member’s personal information may be retained for 00 years from the date of cancelation in order to resolve future disputes, to cooperate with the requests of law enforcement agencies, and to prevent the recurrence of fraudulent uses by unruly members.

B. Grounds for holding personal information according to applicable statutes
If retention of personal information is deemed necessary to operate in accordance to the provisions of relevant laws and regulations, including the Act on Consumer Protection in Electronic Commerce, then they will be held in possession by the Company for a certain period of time set by the relevant laws as noted below.
• Records related to contracts or withdrawal of subscription:
o Purpose of possession: Act on Consumer Protection in Electronic Commerce
o Possession period: 5 years
• Records related to payment and supply of goods
o Purpose of possession: Act on Consumer Protection in Electronic Commerce
o Possession period: 5 years
• Records related to consumer complaints or dispute settlement
o Purpose of possession: Act on Consumer Protection in Electronic Commerce
o Possession period: 3 years
• Records of log
o Purpose of possession: Protection of Communications Secrets Act
o Possession period: 3 months

4. Procedures and methods of discarding personal information

As a general rule, once the personal data has fulfilled the purposes for which they were collected, they are immediately discarded. The procedure and method to discard is detailed below.
• Discarding procedure
Following the cause for information protection according to the internal policies or related statutes, once the personal data has fulfilled the purposes they will be transferred to a separate database(DB) (or filed separately in a folder if in paper form), then it will be discarded after a certain period of time. Personal information that is transferred to a separate DB will not be used for any other purposes except in the case of the law.
• Discarding method
Use technical method to stop reproduction of personal information saved in electronic form.

5. Disclosing personal information

As a general rule, the Company shall not disclose user’s personal information to any external party except for the cases below.
• Prior consent from user
• Following the legislation rule or when law enforcement agencies require such information for investigative purposes during the process as prescribed by the law.

7. The rights of users and legal representatives and methods of exercising those rights

• The user may view or edit his/her personal information and request to terminate membership at any time.
• To view or edit a user’s personal information, click on ‘Edit Personal Information’ (or ‘Edit Member Information’) and to cancel subscription (terminate membership) click on ‘Terminate Membership.’ Upon clicking, you’ll be directed to an identification process before you can directly access, correct, or cancel membership.
• User may contact the chief privacy officer by letter, telephone or email, and necessary actions will be taken.
• Should a user request corrections on errors of personal information, the Company shall not use or provide any personal information until a correction is made. In addition, if the wrong personal information has already been provided to a third party, the Company shall immediately notify them so that a proper correction can be made.
• If personal information is canceled or deleted upon request of user, the Company will comply with the terms specified under “Period of possession and utilization of personal information,” and prohibit disclosure or use for any other purposes.

The Company uses ‘cookies’ that frequently save and retrieve your information. A cookie is a very small text file that the server, used to operate the Company’s website, sends to your browser. The file is saved in the hard disk of your computer.
The Company uses cookies for the following purposes:
• Use and purpose of cookies
o To analyze the frequencies of a member and non-member’s visit, understand user’s preferences and interests and track user’s footprints, and carry out target marketing and provide customized service by checking level of participation in various events and number of visits.
o You have the right of choice in regards to the installation of cookies. Accordingly, you may allow all cookies by modifying your cookie settings, go through a confirmation process whenever a cookie is saved, or refuse to have all cookies saved.
• Settings to reject establishment of cookies
o To reject establishment of cookies, select options on your web browser and change your settings to allow all cookies, go through a verification process before saving cookies, or reject to save all cookies.
o Example (For Internet Explorer)
- Go to ‘Tools’ located on the top of Web Browser > Internet Options > Privacy
o However, there may be certain difficulties in using the services if you reject the installment of cookies.

9. Civil services with respect to personal information

To protect your personal information and deal with complaints related to personal information, the Company has appointed the following department and chief privacy officer.
• Privacy Officer
Name : Lee Hae-Jung
Phone Number : +82-070-4334-7333
E-mail : iamseawell@naver.com

• You may report all complaints related to privacy protection, in using the Company’s service, to the chief privacy officer or the department in charge.
• The Company shall provide prompt and sufficient answers to your report.
• For further consultation or report on other privacy infringements, contact the following the following agencies.
o Privacy Rights Violation Complaint Center (privacy.kisa.or.kr / 118)
o Cybercrime Investigation Department, Supreme Prosecutor’s Office (www.spo.go.kr / 02-3480-2000)
o Cyber Bureau, National Police Agency (www.ctrc.go.kr/ 182)

10. Duty to notify

The Company shall notify users of any changes to this privacy policy through the website (or through individual notifications).
• This privacy policy will be enforced starting 1, Oct 2015.